Process of information security, Other Subject

Process

The terms reasonable and prudent person, due diligence and due care have been used in the fields of Securities, Finance, and Law for a lot of years. In recent years these terms have found their method into the fields of computing and information safety. U.S.A. Federal Sentencing strategy now make it possible to hold corporate officers liable for failing to work out due care and due diligence in the organization of their information systems. In the business world, customers, business partners, stockholders and governments have the expectation that corporate officers will run the business in agreement with accepted business put into practice and in compliance with laws and other narrow necessities. This is often described as the "reasonable and prudent person" rule. A cautious person takes due concern to ensure that everything required is done to operate the business by noise business principles and in a legal ethical manner. A cautious person is also hard-working (mindful, attentive, and ongoing) in their due care of the business.

In the field of Information Safety, Harris presents the following definitions of due care and due diligence.

"Due care are steps that are taken to demonstrate that a corporation has taken responsibility for the behavior that take place within the corporation and has taken the essential steps to help protect the corporation, its resources, and employees." And, [Due diligence are the] "continual behavior that make certain the security mechanisms are repeatedly maintained and operational."

Notice should be made to two significant points in these definitions. First, in due care, steps are in use to show - this means that the steps can be established, measured, or even produce touchable artifacts. Second, in due industry, there are continual activities - this assets that people are actually doing things to observe and protect the guard mechanisms, and these behavior are continuing.